Once again, a major data breach has hit the headlines; this time it’s TalkTalk.
The company claims that ‘there is a chance that… Credit card details and/or bank details’ of up to 4 million customers may be compromised in a ‘significant and sustained cyber-attack’.
I wrote here back in July that cyber terrorists were an emerging threat. Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said that hackers claiming to be a cyber-jihadi group had posted data that appeared to be TalkTalk customers’ private information – although he stressed their claim was yet to be verified or investigated.
As Daniel Dresner, a Lecturer in Information and cyber security and governance at Manchester University’s School of Computer Science, observed on BBC ‘Breakfast’ on October 23rd – “There’s four million customers, if they (the hackers) do four million one pound transactions, that’s not a bad haul.”
Stephen Orfei, the General Manager of the PCI Security Standards Council, observed at the PCI Congress in Berlin in 2014 that payment card fraud was like a water-filled balloon: you squeeze one place and it appears someplace else. And we all know that Chip & Pin has, since its introduction in 2004, greatly reduced ‘Customer Present’ fraud in the UK. As Stephen Orfei observed, the crime isn’t going away, and why steal a single credit card when you can potentially harvest four million?
What does this mean to your business?
We acknowledge that the PCI DSS Standard is the accepted standard for payment card security – indeed Compliance3 is a participating organization of the PCI Security Standards Council – but as data breaches become more common, we’re seeing customers seeking to remove card data from their environment completely.
We at Compliance3 work with our clients to de-scope their contact centres so that card data never enters their environment. We can also help to secure and cleanse any call recordings that might contain card data and provide rich pickings for data thieves.
As we observed in August, after the Carphone Warehouse data breach, at the risk of being simplistic, if you’re not storing something then, by definition, it can’t be stolen.
Look at the potential costs of a data breach, plus the ignominy of making headlines on ‘News at Ten’; surely it’s worth giving us a call.